Fedora 32 released this week! How do I get Docker working again?
Hey everyone, Fedora 32 was released earlier this week on the 28th. I like to have the latest software running on my computer so I upgraded as soon as I could, but I noticed something when I ran my next
The Docker repositories were disabled, so I wouldn’t get any updates!
The Docker devs didn’t have a repo ready for Fedora 32.
Normally waiting for an update isn’t a big deal but Fedora made a few changes recently and I wanted to write down how I came over them.
If you’ve been using Fedora for a while now, then this may be old news to you but starting with Fedora 31, Fedora now uses CGroupsV2. CGroups is what a lot of container solutions are built on top of, and version 2 brings a lot of improvements, but Docker and other tools aren’t yet compatible with this feature set yet, so we need to switch back to the old version, Docker’s documentation tells us to do the following:
sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
Running the above code will revert us back to version 1 of CGroups, and we could continue on with following the rest of the Docker documentation but another change was made with Fedora 32.
Fedora ships with
firewalld and in the latest release the backend for it was switched from
So I did some searching around and found this issue on GitHub.
There are some pretty detailed comments left by Christian Korneck and Alexandre that help us out.
Christian’s comment is that we should make sure that Docker’s network interface
docker0 is part of the trusted zone, and we can do that with the snippet provided:
firewall-cmd --permanent --zone=trusted --add-interface=docker0 firewall-cmd --reload
And Alexandre’s comment tells us we need to do a little bit more:
firewall-cmd --get-zone-of-interface=enp1s0 FedoraWorkstation firewall-cmd --zone=FedoraWorkstation --add-masquerade --permanent firewall-cmd --reload
In the above example, your network adapter may not match the one given, what I did was type:
firewall-cmd --get-zone-of-interface= and tap my Tab key until my shell auto-completed the
interface I needed because I did not remember how to get a list of network interfaces when I was doing this :P.
The second line tells us to enable masquerading permanently, so that our containers and
other private network stuff on our local machine can successfully communicate with the outside world. If you want to know more, you should read the
firewalld documentation, I’m not really the best person to explain this part.
The third line restarts the firewall. Now your existing Docker installation should work.
We’ll still have to wait for the Fedora 32 repo to get set up, or you could try to grab an rpm from the current repos. I did find an interesting thread on reddit while searching for answers.
If you really want docker on Fedora 32, just grab
moby-enginefrom the Fedora repos.
I couldn’t find a straight answer right away about what
moby-engine is, and it looks like you would
hear of it only if you heard about it from someone else, but it provides
docker, and it sounds like
it is just upstream Docker depending on who you ask.
I found a blog post that explains this a bit.
So I uninstalled Docker from my computer, removed the disabled repo, and installed
docker, and when I ran
docker --version I got
Docker version 19.03.8, build afacb8b.
That looks good to me, but I didn’t fully accept it until I did
dnf provides docker and it confirmed that it was provided by the
$ dnf provides docker Last metadata expiration check: 1:12:42 ago on Thu 30 Apr 2020 09:28:35 PM EDT. moby-engine-19.03.8-1.ce.gitafacb8b.fc32.x86_64 : The open-source application : container engine Repo : @System Matched from: Provide : docker = 19.03.8-1.ce.gitafacb8b.fc32 moby-engine-19.03.8-1.ce.gitafacb8b.fc32.x86_64 : The open-source application : container engine Repo : fedora Matched from: Provide : docker = 19.03.8-1.ce.gitafacb8b.fc32
From there you can install
docker-compose and everything works as if nothing had changed.
I think this is really cool to know, and it also introduces me to the Moby Project, so if I want to know what’s new with Docker containers I know where to look.
I hope this post helped you get your environment fixed or taught you something new! If you want to reach out, I’m on Twitter: @ajkhan_.